Presentation: OpenIOC, Mat Oldham, Mandiant

OpenIOC is an open, extensible format used to organize and describe unique indicators associated with malware, such as file names, MD5 hashes, file sizes, etc. While much of the emphasis has been on host-based Indicators of Compromise, the OpenIOC format has been developed in such a way that it is platform and technology agnostic. This discussion will cover what OpenIOC is, how to use OpenIOC to describe network-based Indicators of Compromise, how to combine host- and network-based Indicators of Compromise into one logical grouping, and how to convert OpenIOC indicators to other common network-based platforms such as Snort.

Mat Oldham is a Technical Director at MANDIANT with over five years of computer and information security experience. In this role, Mr. Oldham leads MANDIANT's network intrusion detection and threat analysis team. This includes research and development on emerging sophisticated network-based threats, along with the development of tools and analysis capabilities to make MANDIANT a leader in finding evil in motion at clients around the world.
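As an added illustration of the two ideas in the abstract (one OpenIOC document carrying both host and network indicators, and turning the network ones into Snort rules), the script below is example code written for this page, not Mandiant's tooling. The sample IOC is constructed, and the search terms `FileItem/Md5sum` and `Network/DNS` are assumed to follow OpenIOC 1.0 usage rather than taken from the talk.

```python
"""Split one OpenIOC document into host indicators and Snort DNS rules.

Added example, not Mandiant's code. SAMPLE_IOC is constructed; the search
terms FileItem/Md5sum and Network/DNS are assumed OpenIOC 1.0 terms.
"""
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001">
  <short_description>Constructed sample: host and network indicators</short_description>
  <definition>
    <Indicator operator="OR" id="top">
      <IndicatorItem id="a" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <IndicatorItem id="b" condition="is">
        <Context document="Network" search="Network/DNS" type="mir"/>
        <Content type="string">c2.example.invalid</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>"""


def dns_name_to_snort_content(name: str) -> str:
    """Encode a hostname as DNS wire-format labels in Snort |hex| notation."""
    parts = []
    for label in name.rstrip(".").split("."):
        parts.append("|%02x|%s" % (len(label), label))
    return "".join(parts) + "|00|"


def split_indicators(xml_text: str, base_sid: int = 1000001):
    """Return (host_items, snort_rules): host terms stay for host scanning,
    Network/DNS terms become Snort rules matching the query in DNS traffic."""
    root = ET.fromstring(xml_text)
    host_items, rules = [], []
    sid = base_sid
    for item in root.iterfind(".//ioc:IndicatorItem", NS):
        term = item.find("ioc:Context", NS).get("search")
        value = item.find("ioc:Content", NS).text.strip()
        if term == "Network/DNS":
            rules.append(
                'alert udp $HOME_NET any -> any 53 (msg:"OpenIOC %s DNS %s"; '
                'content:"%s"; nocase; sid:%d; rev:1;)'
                % (root.get("id"), value, dns_name_to_snort_content(value), sid))
            sid += 1
        else:
            host_items.append((term, value))
    return host_items, rules
```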